Article contributed by Rodrigo Jonas Fragola. February 16, 2021

Currently, we have been bombarded with news about mega leaks in Brazil, with data reaching billions in number of leaked records. Passwords, names, identification numbers, addresses, family relationships, etc. Data that for the most part had been circulating on the Deep Web for a long time and were promptly organized and updated in a central information offer.

Everyone already knows the threat that this type of leak can bring to the affected individuals, such as counterfeiting of boletos (a payment method in Brazil), printing of credit cards, fake accounts at fintech and banks, purchase of products on behalf of third parties and weakening of digital identification systems in general. In practice, nothing new, but now with much more information available from a larger number of people and in the same organized offer.

This organized offer of a series of leaks is what really appears new in this scenario. Generally, the attacker who sells the information wants a certain exclusivity of the database that is being offered, generating “value” to his offer. Thus, the intention to unite several types of information from different leaks seems to go against the standard action of the cybercriminals.

Observing the damage to society and not to the individual, the fact that we have practically all types of relevant information in just one place, makes it easy to commit frauds and digital impersonation actions.

This easy to query database can be used by different groups, with different motivations, including non-financial ones. The sum of the actions of all these groups generates a massive attack front with a heterogeneous nature and without a central chain of command, which is difficult to mitigate. We then have a mass attack process.

In a continental country like Brazil that needs to go through the digitalization process, this type of massive attack can put down many initiatives that are beneficial to the country, in addition to the individual financial damages.

In the 5th generation war, this would be a very efficient way to weaken a country, an economy. Offer third parties a tool associated with a timely benefit where the action harms your opponent, without a direct link or chain of command, aiming at much greater damage, focused on the information infrastructure.

Could it be?

Rodrigo Jonas Fragola, CEO of OGASEC, is a security specialist helping companies build safer digital environments